Hello.
A while ago I had a firewall on CentOS in which I had:
# Per-source rules; ${lista}, ${INTERNET} and ${NAT} are set earlier in the script (not shown here)
for s in ${lista}
do
    # Drop forwarded packets that carry these file extensions on ports 80, 443 and 21
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.exe' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.zip' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.EXE' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.ZIP' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.TORRENT' --algo bm -j DROP
    iptables -A FORWARD -p tcp -s ${s} --match multiport --dports 80,443,21 \
        -m string --string '.torrent' --algo bm -j DROP
    # Redirect HTTP and FTP arriving on the LAN interface to the local proxy
    iptables -t nat -A PREROUTING -i eth1 -p tcp --match multiport --dports 80,21 \
        -s ${s} -j DNAT --to 192.168.0.254:8080
    # Source NAT for the remaining allowed TCP and UDP ports on the Internet interface
    iptables -t nat -A POSTROUTING -p tcp -o ${INTERNET} --match multiport \
        --dports 23,25,53,110,443,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
    iptables -t nat -A POSTROUTING -p udp -o ${INTERNET} --match multiport \
        --dports 53,5000,5001,5050,5100 -s ${s} -j SNAT --to-source ${NAT}
done
I wanted to use it again to block those files, but I found that it no longer works.
I also tried doing it for each port separately (dropping --match multiport) and it did not work.
I would rather not use Squid to block these files (if blocking through iptables still works).
Thanks in advance.
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
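An added example, not part of the original post or the poster's script: it builds the same kind of extension-blocking rules with one rule per extension using the string match's --icase option instead of separate upper/lower-case pairs, restricts them to cleartext ports (on 443 the payload is TLS-encrypted, so a string match can never see the file name), and adds a check that this iptables build actually offers the string match, a common reason such rules silently stop working after an upgrade. The source list, extension list, port list and the DRY_RUN switch are constructed placeholders.

```shell
#!/bin/bash
# Constructed sample values; the poster's real ${lista} is not shown in the post.
LISTA="192.168.0.10 192.168.0.11"
EXTENSIONS=".exe .zip .torrent"
# Only cleartext ports: on 443 the file name is inside TLS and cannot be matched.
CLEAR_PORTS="80,21"

# With DRY_RUN=1 (the default here) the iptables commands are printed instead of
# executed, so the rule set can be reviewed or tested without root privileges.
run_or_print() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit one DROP rule per (source, extension). --icase makes the Boyer-Moore
# match case-insensitive, so '.exe' also covers '.EXE' and '.Exe'.
gen_string_drop_rules() {
    local src ext
    for src in $LISTA; do
        for ext in $EXTENSIONS; do
            run_or_print iptables -A FORWARD -p tcp -s "$src" \
                -m multiport --dports "$CLEAR_PORTS" \
                -m string --string "$ext" --algo bm --icase -j DROP
        done
    done
}

# Returns 0 when the userspace string extension is present. A kernel-side
# problem (xt_string missing) shows up as "No chain/target/match by that name"
# when a rule is added, so check dmesg in that case.
check_string_match() {
    iptables -m string --help >/dev/null 2>&1
}

gen_string_drop_rules
```

Note that the string match inspects single packets only, so a file name split across two TCP segments, or sent URL-encoded, is not matched; the rules are a coarse filter, not a substitute for proxy-side inspection.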